JBS USA, the world’s largest meat supplier, says it paid the equivalent of $11 million to hackers after a cyberattack late last month, which led to a temporary shutdown of a number of plants and disrupted production worldwide. 

What You Need To Know

  • JBS USA, the world’s largest meat supplier, says it paid the equivalent of $11 million after a cyberattack late last month

  • JBS said the vast majority of its facilities were operational at the time it made the payment, but it decided to pay in order to avoid any unforeseen issues and ensure no data was exfiltrated

  • The attack was the second major such incident in less than a month, following the attack on Colonial Pipeline earlier in May

  • Colonial CEO Joseph Blount admitted to paying a $4.4 million ransom, but earlier this week, U.S. authorities recovered millions of dollars in a cryptocurrency payment made to hackers after the Colonial attack

The news was first reported by the Wall Street Journal.

Brazil-based JBS SA said on May 31 that it was the victim of a ransomware attack, but Wednesday was the first time the company’s U.S. division confirmed that it had paid the ransom.

"This was a very difficult decision to make for our company and for me personally," Andre Nogueira, CEO of JBS USA, said in a statement. "However, we felt this decision had to be made to prevent any potential risk for our customers."

JBS said the vast majority of its facilities were operational at the time it made the payment, but it decided to pay in order to avoid any unforeseen issues and ensure no data was exfiltrated.

"Preliminary investigation results confirm that no company, customer or employee data was compromised," JBS said Wednesday.

The FBI has attributed the attack to a Russian-linked ransomware group known as REvil, or Sodinokibi, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months. The FBI said it will work to bring the group to justice and it urged anyone who is the victim of a cyberattack to contact the bureau immediately.

The attack was the second major such incident in less than a month. On May 7, the Colonial Pipeline Co., which provides about 45% of the fuel to the East Coast, was the victim of an attack that shut down its Texas-to-New Jersey pipeline for six days, sending fuel prices higher and panic buyers draining gas stations. U.S. officials have blamed the hacking group DarkSide, which also has links to Russia, for that ransomware attack, in which hackers disable computer networks while demanding large payments.

Colonial CEO Joseph Blount acknowledged paying the cyber criminals $4.4 million, a practice the federal government generally advises against because it encourages future attacks. But in an interview with The Wall Street Journal, Blount said he felt he had to pay the $4.4 million because executives were unsure how badly the cyberattack had breached Colonial Pipeline Co.’s systems or how long it would take to restore the pipeline, which provides about 45% of the fuel for the East Coast. 

“I know that’s a highly controversial decision. I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this," Blount said, adding: "But it was the right thing to do for the country."

But earlier this week, U.S. authorities recovered millions of dollars in a cryptocurrency payment made to hackers after the Colonial attack. In a statement, the DOJ announced that it seized 63.7 bitcoins, currently valued at approximately $2.3 million, a majority of the ransom paid.

"Ransomware attacks are always unacceptable – but when they target critical infrastructure, we will spare no effort in our response," Deputy Attorney General Lisa Monaco said at a press conference Monday, adding: "Today, we turned the tables on DarkSide."

The Associated Press contributed to this report.